-----Original Message-----
From: vedaal [mailto:vedaal(_at_)hotmail(_dot_)com]
Sent: 22. mai 2002 15:01
To: ietf-openpgp(_at_)imc(_dot_)org
Subject: Re: secure sign & encrypt
[...]
I thought that a packet that simply records the elapsed time
in fractions of
a second, between signing and encrypting,
could be added without affecting the signature or encryption
packets, and
might be easier to implement without affecting
backward compatiblity.
If it is not signed (i.e. a signed signature packet) but only added
to the message on the outside, it is nothing that stops the attacker
from just faking that time packet.
[...]
If it is not a signature packet, I do not understand what would
keep the attacker from making a fake timestamp when
re-encrypting the
message.
It would be an 'record of actual elapsed time' packet,
measured from the
time the program calls for the time of signing,
to the time it calls for encrypting. It would not be 'calculated' by
measuring the recorded (old) timestamp of the signature,
and then re-setting the attacker's computer to the same time
and measuring
the fractions of seconds till the encryption.
You say "It would not be 'calculated' by ...", but then you rely
on the attacker using a certain program or implementation of OpenPGP.
When designing a security protocol, we must assume that an attacker
will be able to use any program that he likes or even write his own
programs.
If it is permitted by the protocol, the attacker can do it, even
if it is not possible to do it using the usual implementations of the
protocol.
{ i do not yet know how to read and write code :( , so it is only my
opinion of what seems plausibly 'do-able' ,
it may be that it has flaws that experienced programmers can
instantly see,
if so, i apologize in advance}
You are forgiven.
--
Terje Bråten